Last week there was a post to bugtraq about ways to exploit badly written scripts using cdonts.newmail, that exploited the fact that there was an SMTP conversation going on behind the scenes. This type of exploit can probably be used on a ton of other form mail type things that use SMTP in the back end.
http://www.nextgenss.com/papers/aspmail.pdf

The quick summary is make sure you strip out \r's and \n's from fields that can't or shouldn't have them. The example uses a to address like this

http://www.company.com/newsletter.asp?[EMAIL PROTECTED]%0D%0Adata%0D%0ASubject:%20Spoofed!%0D%0A%0D%0AHi,%0D%0AThis%20is%20a%20spoofed%20email%0D%0A.%0D%0Aquit%0D%0A

and just blindly set the to field in newmail.

adam

> -----Original Message-----
> From: A.T.Z. [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 14, 2002 9:22 AM
> To: [EMAIL PROTECTED]
> Subject: Re: formmail spammers
>
> >so, we've been having a spam problem lately due to formmail.pl. this
> >thread prompted me to scan all our user directories and note people
> >who had formmail.pl sitting around.
>
> We hardcoded the TO address in FormMail.pl and tell all our customers to do the same.
>
> Spammers trying to use the script will fail. Only the address in the TO field gets one messages..
>
> Perhaps not the best solution around, but it will do until we fix something else. They don't get their spam out to the world. And we send their ISP a nice notification about what that user was trying to do. Complete with logfiles..
>
> Once you're a known target they will come back..
>
> Bye,
>
> B.
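
The two mitigations in this thread, keeping \r and \n out of single-line fields and pinning the recipient, combined into one form-mail check. This is an added example, not part of either post and not code from the linked paper. It is written in Python rather than ASP or Perl, it rejects a bad field instead of stripping it, and the addresses and function names are hypothetical.

```python
import re
from email.message import EmailMessage

# Assumption: this form mails one fixed recipient (hypothetical address).
ALLOWED_RECIPIENTS = {"newsletter@example.com"}

# CR, LF and other ASCII control characters never belong in a one-line field.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedField(ValueError):
    """Raised when a form field is unsafe to place in a mail header."""


def check_single_line(name, value, max_len=200):
    # Reject instead of repairing: a field carrying CR/LF is not an honest typo.
    if len(value) > max_len:
        raise RejectedField(f"{name}: too long")
    if CONTROL.search(value):
        raise RejectedField(f"{name}: control character in single-line field")
    return value


def check_address(name, value):
    value = check_single_line(name, value)
    if not ADDRESS.fullmatch(value):
        raise RejectedField(f"{name}: not a plain address")
    return value


def build_message(form):
    """Build a message from an already URL-decoded dict of form fields."""
    to = check_address("to", form["to"])
    if to not in ALLOWED_RECIPIENTS:
        raise RejectedField("to: recipient not on the allow-list")
    msg = EmailMessage()
    msg["To"] = to
    msg["Reply-To"] = check_address("from", form["from"])
    msg["Subject"] = check_single_line("subject", form["subject"])
    # Only the body is allowed to span lines.
    msg.set_content(form["body"])
    return msg
```

Log each `RejectedField` together with the client address; those entries are the logfiles the quoted message talks about forwarding to the sender's ISP.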